Fork me on GitHub
Vincent Cantin01:01:07

Is there anything remotely similar to Meteor in Clojure? I mean, a framework to make realtime apps quickly.


Not sure natively, but I like the prospect. Considering Mr. Clean is on the radar for a react preplacement, there's a lot of potential for something like this.


meteor is more a framework, clojurians tend to prefer small libraries that compose

Daniel Hines16:01:56

Fulcro+Pathom+Workspaces is a really nice workflow! Has all the plumbing you need for sockets, etc. If you're more adventurous and this is a totally greenfield project, Nikolas Gobel just gave a really amazing talk on his work on 3df:

👍 5
😍 5
bubblebobble 5
Vincent Cantin17:01:47

Thanks for this video, it is really relevant to what I was looking for.

Vincent Cantin17:01:08

I am indeed looking into writing or using such a system and try to put all the pieces together. I was wondering about what I should use as a reactive data query language.

Vincent Cantin17:01:01

Datascript, Pathom, D2Q, EQL and QLKit are on my to-read list, and now this video too.

Daniel Hines18:01:34

Yeah, its' really awesome how many people are working in this space right now, with great results! Another to investigate is . Chris is doing fantastic work on this as well.

Daniel Hines18:01:15

Datsync comes with a whole suite of tools aimed at making this easier.


If they are, they probably need a license for that logo.

Alex Miller (Clojure team)14:01:02

Rich usually does not grant use of the logo for stuff like this

😠 15

What's the license for using the Clojure logo?

Alex Miller (Clojure team)15:01:45

not licensed, it’s a trademark. generally Rich does not grant its use for products for sale.


Well if Cognitect plans on mass producing it please make a coffee version too


does this make me a criminal? 🙂


I'd also go for (transduce drink coffee)


Do you also include the WARNING: Wrong number of args (2) passed to transduce?


(slurp coffee)

💯 70

Dunno if this is a well-discussed point already, but aren't tools.deps "git dependencies" inherently more secure than Mavencentral/Clojars? The problem I see with clojars (and rubygems, and npm) is that there's no guarantee that a release artifact corresponds in any way to a git "release" (tag or commit) So, my-clojars-release 2.1.1 could distribute evil or buggy stuff that my-git-release 2.1.1 does not reflect There are multiple possible bad scenarios: - library author is evil, pushed hidden stuff in his jar - library author's machine is compromised, he unknowingly pushes evil stuff - clojars or mavencentral are compromised, and release 2.1.1 is mutated with evil stuff (releases are immutable for library authors, but not for repositories, I would guess) I tried to play with the idea of adding a "verification sha" to clojars dependencies, but I believe checking a .jar's sha would involve git cloning the repo... which is a roundabout way of doing what tools.deps already does Thoughts? More specifically: would there be any downsides for using "git deps" whenever possible (other than for Java stuff)?

Daniel Hines16:01:12

THANK YOU! I've been wondering this same thing from the start of working with npm/nuget/maven/whatever. My stomach drops every time I npm install something, but everyone does it so it must be fine right :face_with_rolling_eyes:

🙌 5

Git is not that safe. If is not a signed commit, I can change/fake the remote and deliver any "code"


But, tools.deps specifications go against SHAs. So if you checked that [email protected] is safe, nothing can change that

☝️ 15

Did you really check that all commits up to [email protected] are safe? ;] Without signed commits, a safe commit SHA theoretically can have a collision with a compromised one. But more likely, a compromised repo will have unsigned commits that were spoofed to look authentic from the original author (and don’t we all just grab the latest from master / readme)? There was an interesting thought experiment posted in 2012 that is relevant:

📖 5

> Did you really check that all commits up to [email protected] are safe? checking the file tree (as of <sha>) is enough? especially for small-to-medium libraries. Will read the article regardless!

Lennart Buit20:01:51

I think you can sign .jar with your GPG key

Lennart Buit20:01:23

but that says who signed it, not what is signed


I can’t speak to that, but this excellent piece has more on those concerns:


This is a really interesting piece, thanks

Denis G17:01:08

any good reads on REST/RPC? what do you prefer? in which use-cases?


I feel like rpc/messaging passing is what is used everywhere else, but as soon as you want to talk over http, rest comes up, and like, why? if rest isn't so great that you are trying to bring all your non-http apis to it, then why saddle your http apis with it?

Mario C.17:01:48

Do you guys buy your own tools or does your workplace always pay for it?


I prefer to buy my own tools, then when I go, they go with me.


i was offered a laptop but moved back to a personal machine that i much prefer


Ah, I did take the laptop — mucho $$$ plus I don’t want company IT having a say in what I have on my personal machine.

Mario C.17:01:40

I am thinking of getting paid version of tableplus and robo 3t but it would be out of pocket


oh software licenses i would get work to pay for

💯 5

Interesting, hadn’t seen TablePlus before.

Mario C.18:01:41

yea its really nice for my basic usage


database software seems to me to be something work should pay for. are they unwilling?

Mario C.18:01:59

I am not sure, I think they would but we use pgadmin which is free

Mario C.18:01:12

they might just say to use that


they might. you also might introduce a tool to the team that makes everyone more productive


I’m not a big fan of per-computer licensing tho.